All versions of KingSCADA prior to v3.1.2.13 suffer from the vulnerability.

Successful exploitation of the reported vulnerability could allow an attacker to execute remote code.

WellinTech is a software development company specializing in automation and control. The company’s headquarters is in Beijing, China, with branches in the United States, Japan, Singapore, Europe, and Taiwan.

The WellinTech web site describes KingSCADA as a Windows-based control, monitoring, and data collection application deployed across several sectors including energy, water and wastewater systems, commercial facilities, and others.

The KingSCADA application has a stack-based buffer overflow vulnerability where the application overwrites the structured exception handler (SEH). An attacker could send a specially crafted packet to KingSCADA, and the application would handle the packet incorrectly, causing a stack-based buffer overflow. This could allow the attacker to execute arbitrary code as the currently running user, which would affect confidentiality, integrity, and availability.

CVE-2014-0787 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 10.0.

No known public exploits specifically target this vulnerability. However, an attacker with a low skill would be able to exploit this vulnerability.